Windows security tips: Remote Desktop security, Windows hosts file and keyboard lock down tricks

Tip

Windows security tips: Remote Desktop security, Windows hosts file and keyboard lock down tricks

This tip concludes a series of articles on Windows security strategies. 

TABLE OF CONTENTS
Windows password security: Systems tools and policy
Securing Windows services to prevent hacker attacks
How to prevent SQL Server and Internet Explorer hack attacks
How to detect and remove rootkits with Windows encryption
Windows security: Remote Desktop, hosts file and keyboard lock down

 Reporting on the information security business for close to two decades now has meant that over those years I have collected quite a few tricks and tips for securing Windows. Some of them have been shared already in the earlier segments of this short series. However, I find myself with one part left and a bunch of assorted secrets left over. Bringing the two together seems like a good idea!

Windows 2000 tips and tricks 
Let's start with a good one for those of you still working with a Windows 2000 operating system, and there are plenty of people who still fall into that particular genre. Some may be surprised to know that a relatively simple nslookup can reveal plenty of hacker-friendly information. This is courtesy of W2K defaulting to allow DNS zone transfers to any server.

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

Thankfully, this distinctly dodgy default behaviour was stopped in Windows Server 2003 and later, but if upgrading is not an option, then the solution is as simple as it is obvious with hindsight. Configure it to restrict zone transfers to defined hosts or simply to none at all.

Windows Remote Desktop security
Secure the Remote Desktop for Windows XP and Windows Server 2003 by changing the port it runs on from the 3389 default to something less obvious, so as to hide it from port scanning kiddie scripters. This means rolling your sleeves up and getting into the Windows Registry to do this, specifically editing the following key:

HKEY_LOCAL_MACHINESYSTEM/CurrentControlSet/Control/TerminalServerWinStationsRDP-Tcp

Don't forget to bring a decimal to hex calculator to convert the port number to hex before updating the entry, though. Once saved, connect using Remote Desktop by adding ':' to the end of the IP address.

Windows hosts file
Often overlooked, the Windows hosts file can be used to securely manage IP addressing in any flavour of Windows. Layered security always wins out because a single-pronged defence is useless if that single prong gets poked to pieces.

The Windows hosts file should be thought of in terms of being a Windows IP address book. A Web browser will look in this file for any corresponding entry that matches the requested URL, and if it finds nothing, goes online to resolve the address using DNS. If it does find an entry, it goes where directed. To prevent non-admin types from visiting a specific site, have it resolve to 127.0.0.1, and they will go nowhere fast.

Windows lock down
When the need arises to leave one's desktop in a hurry, quickly lock any Windows XP or Vista-powered computer using the Windows key + L combo to go straight to a secure user login prompt.

Wrapping up Windows security tips
And that wraps up our Windows security strategy series, which we hope you have found useful. If you have any Windows security tips and tricks of your own, why not share them with us? Send us an email at editor@searchsecurity.co.uk.


About the author:
Davey Winder has worked as a freelance technology journalist for nearly 20 years. He is based in South Yorkshire.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in October 2008

 

COMMENTS powered by Disqus  //  Commenting policy

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.